google_user
Use the google_user
InSpec audit resource to test properties of a single GCP user.
Syntax
A google_user
resource block declares the tests for a single GCP user by principal email address or immutable ID.
describe google_user(user_key: 'principal_email_address@domain.com') do
it { should exist }
end
Examples
The following examples show how to use this InSpec audit resource.
Test that a GCP user with specified ID exists
describe google_user(user_key: '110491234567894702010') do
it { should exist }
end
Test that a GCP user has expected full name
describe google_user(user_key: '110491234567894702010') do
its('name.full_name') { should eq "Bill S. Preston Esq." }
end
Test that a GCP user has MFA enabled
describe google_user(user_key: 'theodore_ted_logan@excellentadventure.com') do
it { should have_mfa_enabled }
end
Test that a GCP user is suspended or not
describe google_user(user_key: 'theodore_ted_logan@excellentadventure.com') do
it { should_not be_suspended }
end
Properties
-
agreed_to_terms
,archived
,change_password_at_next_login
,creation_time
,customer_id
,emails
,etag
,id
,include_in_global_address_list
,ip_whitelisted
,is_admin
,is_delegated_admin
,is_enforced_in2_sv
,is_enrolled_in2_sv
,is_mailbox_setup
,kind
,last_login_time
,name
,non_editable_aliases
,org_unit_path
,primary_email
,suspended
GCP Permissions
Ensure the G Suite Admin SDK Directory API is enabled and you have sufficient privileges to list users.